Legal claims defining the scope of protection. Each claim is shown in both the original legal language and a plain English translation.
1. A method, implemented by a computing system, for authenticating user credentials, the method comprising: receiving input user credentials that include a password and timing information, the timing information defining a time when individual elements of the password were input; accessing stored user credentials that include a stored password and stored timing information, the stored timing information defining a required time when individual elements of the stored password must be input, wherein the stored timing information comprises at least one of: i) one of absolute values when individual elements of the password must be input or relative values defining a duration between input of adjacent elements of the password, and the timing information of the input user credentials comprises the other of absolute values or relative values; ii) an average of timing information generated from multiple inputs of the stored password; and iii) a range for at least one element of the stored password, the range encompassing minimum and maximum values when the element was input during multiple inputs of the stored password; comparing the timing information of the input user credentials to the stored timing information to determine whether the individual elements of the password were input in accordance with the stored timing information; and upon determining that the individual elements of the password were input in accordance with the stored timing information, authenticating the input user credentials.
2. The method of claim 1 , wherein the stored timing information defines the required time as a range of times within which an individual element must be input.
3. The method of claim 2 , wherein the range of times is defined using a variance parameter.
4. The method of claim 1 , wherein the input user credentials and the stored user credentials include a username.
5. The method of claim 1 , wherein the stored timing information defines the required time as a duration of time between the input of adjacent elements.
6. The method of claim 1 , wherein the stored timing information is stored separately from the stored password.
7. The method of claim 1 , wherein the input user credentials are received from a computing device or from user input to a component of the computing system.
8. A method, implemented by a computing device with which a user inputs user credentials that include a password, for generating timing information for the password, the method comprising: receiving user input of a password, the password comprising a plurality of elements; while the password is input, determining when each of the plurality of elements is input; and generating timing information which defines when each of the plurality of elements was input, wherein the timing information comprises at least one of: i) one of absolute values when individual elements of the password must be input or relative values defining a duration between input of adjacent elements of the password, and the timing information of the input user credentials comprises the other of absolute values or relative values; ii) an average of timing information generated from multiple inputs of the stored password; and iii) a range for at least one element of the stored password, the range encompassing minimum and maximum values when the element was input during multiple inputs of the stored password.
9. The method of claim 8 , further comprising at least one of: transmitting the timing information to another computing system in the form of a request to establish user credentials for authenticating with the computing system or in the form of a request to authenticate with the computing system; associating at least one variance parameter with the timing information; and comparing the timing information to stored timing information as part of an authentication process.
10. The method of claim 8 , wherein the timing information defines at least one of: a duration of time between the input of each set of adjacent elements in the plurality of elements; and an absolute time when each of at least a second element through a last element was input.
11. The method of claim 8 , wherein receiving user input of the password comprises receiving user input of the password multiple times, and wherein the timing information is generated based on the multiple inputs of the password.
12. A server system comprising: one or more processors; and computer readable media storing computer executable instructions which when executed implement a method for authenticating a user comprising: receiving, from a first user interface displayed on a first client computing device, a first username, a first password, and first timing information defining when each element of the first password was input into the first user interface by a user; storing the first username, first password, and first timing information as user credentials for the user for authenticating with the server system; receiving, from another user interface displayed on a second client computing device, a second username, a second password, and second timing information defining when each element of the second password was input into the second user interface by the user; comparing the second username, the second password, and the second timing information to the first username, the first password, and the first timing information; and upon determining that the second username, the second password, and the second timing information match the first username, the first password, and the first timing information, authenticating the user, wherein the first timing information comprises at least one of: i) one of absolute values when individual elements of the first password must be input or relative values defining a duration between input of adjacent elements of the first password, and the first timing information comprises the other of absolute values or relative values; ii) an average of timing information generated from multiple inputs of the first password; and iii) a range for at least one element of the first password, the range encompassing minimum and maximum values when the element of the first password was input during multiple inputs of the first password.
13. The server system of claim 12 , wherein the first client computing device and the second client computing device are different client computing devices.
A system for managing data access between multiple client computing devices involves a server system that facilitates secure and efficient data sharing. The system addresses challenges in coordinating data access across different devices, ensuring consistency and security while minimizing latency. The server system includes a data storage module that stores data and a communication module that transmits data to and receives data from client computing devices. The system also includes a synchronization module that ensures data consistency across multiple devices by tracking changes and propagating updates. Additionally, a security module enforces access controls and encryption to protect data integrity and confidentiality. The server system is designed to interact with at least two distinct client computing devices, each capable of sending and receiving data while maintaining synchronization. The system dynamically adjusts data transmission based on network conditions and device capabilities to optimize performance. This approach ensures seamless data access and collaboration across different devices while maintaining security and reliability.
14. The server system of claim 12 , wherein determining that the second timing information matches the first timing information comprises determining that each element of the second password was input within a variance of when the corresponding element of the first password was input.
A system for secure authentication compares timing patterns of password inputs to verify user identity. The system captures the time intervals between keystrokes or input elements during password entry and stores these as a timing profile. During authentication, the system compares the timing of a new input against the stored profile. A match is determined if each element of the new input is entered within an acceptable variance of the corresponding element in the stored profile. This method enhances security by detecting anomalies in typing rhythm, which may indicate unauthorized access. The system may also include additional authentication factors, such as traditional password matching or biometric verification, to further strengthen security. The timing-based comparison is particularly useful for detecting replay attacks or automated brute-force attempts, as these typically lack the natural timing variations of human input. The system can be integrated into existing authentication frameworks to provide an additional layer of protection without requiring users to remember additional credentials. The timing variance threshold can be adjusted based on user behavior or security policies to balance usability and security.
Unknown
February 2, 2021
Browse 5M+ US patents with plain-English claim translations and AI-generated analysis.